package com.pm.personal.controller;

import javax.annotation.Resource;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import com.pm.personal.biz.SecurityBiz;



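/**
 * Spring MVC controller for the login flow and the personal pages.
 *
 * <p>Access control on {@link #list()} and {@link #add()} is declared with Shiro
 * annotations. Those annotations only take effect when Shiro's annotation
 * interceptor is enabled in the application context; that configuration is not
 * visible in this file, so confirm it before relying on them.
 */
@Controller
public class SecurityController {
    /** Business service that performs the actual authentication. */
    @Resource
    private SecurityBiz securityBiz;

    /**
     * Shows the login form. Deliberately carries no Shiro annotation so that
     * unauthenticated users can reach it.
     *
     * @return the login view name
     */
    @RequestMapping("/login")
    public String login(){
        return "/personal/login";
    }

    /**
     * Authenticates the caller with the submitted credentials.
     *
     * <p>The index view is returned unconditionally after the call, so this
     * method relies on {@code securityBiz.login} throwing when authentication
     * fails. NOTE(review): confirm that it does; otherwise a failed login would
     * still land on the index page.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so the
     * credentials can also arrive as GET query parameters, which end up in
     * access logs, proxies and browser history. Consider restricting this
     * mapping to POST once the login form is confirmed to submit that way.
     *
     * @param username login name taken from the request; untrusted input
     * @param password plaintext password taken from the request; must never be
     *                 logged or echoed
     * @return the index view name
     */
    @RequestMapping("/doLogin")
    public String doLogin(String username, String password){
        securityBiz.login(username, password);
        // The role and permission results that used to be printed to stdout here
        // were debug leftovers: they exposed authorization decisions in the
        // container log on every login and did not influence the response.
        return "/personal/index";
    }

    /**
     * Shows the list page. Requires an authenticated subject.
     *
     * @return the list view name
     */
    @RequiresAuthentication
    @RequestMapping("/list")
    public String list(){
        return "/personal/list";
    }

    /**
     * Shows the add page. Requires the {@code admin} role.
     *
     * @return the add view name
     */
    @RequiresRoles(value = "admin")
    @RequestMapping("/add")
    public String add(){
        return "/add";
    }
}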
